package com.capgemini.fs.presentation.filters;

import java.io.IOException;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class AccessControlFilter implements Filter{

	private ServletContext servletContext;
	
	public void init(FilterConfig config) throws ServletException {
		this.servletContext = config.getServletContext();
	}

	@SuppressWarnings("unchecked")
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest req = (HttpServletRequest)request;
		HttpSession session = req.getSession();
		String uri = req.getRequestURI();
				
		RequestDispatcher loginDispatcher = this.servletContext.getRequestDispatcher("/Pages/Jsp/Login/login.jsp");
		RequestDispatcher login = this.servletContext.getRequestDispatcher("/login.do");
		
	    
		//if the user haven't login, forward to the login page
		if(session == null || session.getAttribute("username") == null 
				|| session.getAttribute(session.getAttribute("username") + "_urls") == null) {
			
			login.forward(request, response);
			return;
			
		} else {
            // get the urls the user can access.
			Set<String> urls = (Set)session.getAttribute(session.getAttribute("username") + "_urls");
			String path = this.getPath(uri);
		
			if(urls.contains(path)){
				//if the user have the access to the url, then forward to that url
				chain.doFilter(request, response);
				return;
			} else {
				//else invalidate the session, ask the user to relogin as a user who has the access to this url.
//				session.invalidate();
				request.setAttribute("relogin", "true");
				loginDispatcher.forward(request, response);	
			}
						
		} 		
		
		
	}
	
	public void destroy() {
		// TODO Auto-generated method stub
		
	}
    
	/**
	 * Get the uri path of the url, we are going to use this to check if the user have the access to this 
	 * url.
	 */
    private String getPath(String uri){
		String s = uri;
		String path = null;
		
		
		int i1=-1;
		int i2=-1;
		int i3=-1;
		int i4=-1;
		int i5=-1;
		
		i1 = s.indexOf("/");
		
		if(i1 != -1)
		    i2 = s.indexOf("/", i1+1);
		if(i2 != -1) {
			if(s.indexOf("/util/") != -1){
				path = s.substring(i2, s.indexOf("/util/") + 5);
				return path;
			}
			
		    i3 = s.indexOf("/", i2+1);
		}		

		
		
		if(i3 != -1)
		i4 = s.indexOf("/", i3+1);
		
		i5 = s.lastIndexOf(".do");
		
		if(i3 == -1 || i4 == -1){
			if(i2 != -1 && i5 != -1 ) {
				path = s.substring(i2, i5);	
			}

		} else {
			if(i2 != -1 && i5 != -1 ) {
			  path = s.substring(i2, i4);
			}
		}
		
		return path;
    }

}
